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(54) Method and apparatus for a secure multicast transmission 



(57) A method and apparatus for a secure multicast 
transmission is provided. A secure multicast transmis- 
sion reservation, received at a multicast session secu- 
rity platform, is sent from a sender of a secure multicast 
transmission and may include, for example, information 
about the secure multicast transmission and information 
about which multicast receivers are authorized to 
receive the secure multicast transmission. The multicast 
session security platform also receives a request for 
security information from a requesting multicast 
receiver. The multicast session security platform may 



include, for example, a multicast session security server 
capable of communicating with a plurality of senders 
and a plurality of requesting receivers. It is determined, 
using information from the reservation, if the requesting 
receiver is authorized to receive the secure multicast 
transmission. If so, multicast transmission security infor- 
mation, such as IPSEC SA information needed to 
receive the secure multicast transmission, is sent to the 
requesting receiver. 
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Description 

Field of the Invention 

[0001] The present invention relates to multicast 
transmissions. More particularly, the present invention 
relates to a method and apparatus that may be used to 
provide a secure multicast transmission. 

Background of the Invention 

[0002] Many different types of information can be 
sent through a data communication network such as the 
Internet. The types of information include, for example, 
streams of text (including software), images (including 
still and moving images) and audio information. 
Streams that combine different types of information, 
such as multimedia content, can be transmitted as well. 
[0003] A communication network user can request 
an information stream directly from an information 
source, or "sender," which responds to the request by 
sending the stream to the user. This method of sending 
an information stream from a single point, such as the 
sender, to a single point, such as the user, is called a 
"unicast" transmission. The sender may also "broad- 
cast" the information stream through the communication 
network by sending the information to routers in the 
communication network even if no user downstream 
from a particular router is going to receive the stream. 
[0004] Both unicast and broadcast transmissions, 
however, can be very inefficient. With a unicast trans- 
mission scheme if the sender wishes to send informa- 
tion to a number of receivers, the sender must transmit 
a number of separate streams of information into the 
network, even though each stream contains exactly the 
same information. Moreover, each stream must be indi- 
vidually handled by communication nodes, or routers, in 
the network. Such an approach can result in an unac- 
ceptable amount of traffic in the network. A broadcast 
transmission can be inefficient because some routers 
may be tied up handling information streams even if no 
user downstream from a particular router receives the 
information, which is also inefficient. 
[0005] As an alternative to a unicast or broadcast 
transmission, the information stream can be sent from a 
single point to multiple points. This method of sending 
information, called a "multicast" transmission, is illus- 
trated in FIG. 1, which shows a block diagram of a 
known system for transmitting a multicast information 
stream through a communication network 200. The 
communication network 200 has a number of multicast- 
capable routers 202, and information enters the network 
as a single stream from a multicast device 210, or 
sender, to a one of those routers 202. As the stream 
travels trough the network 200, the routers 202 divide 
the stream into multiple streams as required to send the 
information downstream to other routers 202 and/or to 
locally attached interested devices 110, or "receivers." 



A user who wants to receive a particular multicast trans- 
mission can, for example, use Internet Group Manage- 
ment Protocol (IGMP) to send a "join" message to a 
local multicast-capable router 202. 
5 [0006] Note that with a multicast transmission, the 
link between the sender 210 and the communication 
network 200 only needs to carry a single stream of mul- 
ticast information. 

[0007] Depending on the nature of the multicast 

w transmission, the sender 210 and/or receiver 1 10 of a 
multicast stream may desire to make the transmission 
"secure." For example, the parties may want to make 
sure that the transmission is not received by other, 
"unauthorized," receivers. The parties may also need to 

is verify that the transmission actually originates from the 
sender 21 0 and has not been tampered with or altered. 
To provide this type of security, multicast transmission 
security information can be used by both the sender 21 0 
and the receiver 110. The Internet Protocol version 6 

20 (IPv6) Internet Protocol Security (IPSEC) standard is 
one example of an architecture that can be used to pro- 
vide a secure multicast transmission, and is described 
in Kent Stephen, "Security Architecture for the Internet 
Protocol," Network Working Group (July 1998), the 

25 entire disclosure of which is hereby incorporated by ref- 
erence. The IPSEC protocol defines, for example, 
Authentication Header (AH) and Encapsulating Security 
Payload (ESP) headers, which are generally transpar- 
ent to applications and routers, that can be used to pro- 

30 vide a secure transmission. Both the AH and ESP 
headers contain a Security Parameter Index (SPI) 
which, along with an IP destination address, identifies a 
Security Association (SA) needed to receive the multi- 
cast transmission. In general, for example, IPSEC AH 

35 information provides integrity checking information that 
lets a receiver detect if a packet was forged or modified 
while traveling across a data network. 
[0008] Typically, each receiver 1 1 0 needs to individ- 
ually request the multicast transmission security infer- 

40 mation from the sender 210. The sender 210 then 
determines if a requesting receiver 1 10 is authorized to 
receive the secure multicast transmission, and, if so, 
separately delivers the multicast transmission security 
information to each receiver 1 1 0. The receivers 1 1 0 can 

45 then use the multicast transmission security information 
to, for example, decode a secure multicast transmission 
from the sender 210. 

[0009] This approach, however, may not be practi- 
cal if the sender 210 needs to send a secure multicast 

so transmission to a large number of receivers 1 1 0. In this 
case, the sender 210 must individually communicate, 
for example, with tens of thousands requesting receiv- 
ers 110, often simultaneously, and separately process 
each request Moreover, a large number of separate 

55 responses, including the multicast transmission security 
information, must be sent back through the communica- 
tion network 200. This eliminates some of the benefits 
of using multicast technology, such as, for example, let- 



2 



3 



EP 0 994 600 A2 



4 



ting the link between the sender 210 and the communi- 
cation network 200 carry only a small amount of 
information. 

[0010] Another problem with known methods of 
providing multicast transmission security information is 
that the information each receiver 110 must provide to 
demonstrate that he or she is authorized to receive the 
secure multicast transmission may be sensitive. Such 
information may include, for example, a credit card 
number or home address, and people may hesitate to 
provide this type of information to an unfamiliar sender 
210. In addition, a sender 210 may need to coordinate 
billing and collection procedures for a large number of 
receivers 1 10, which can be a difficult task. 
[0011] In view of the foregoing, it can be appreci- 
ated that a substantial need exists for a method and 
apparatus that provides multicast transmission security 
information and solves the problems discussed above. 

Summary of The Invention 

[0012] The disadvantages of the art are alleviated 
to a great extent by a method and apparatus that pro- 
vides multicast transmission security information. A 
secure multicast transmission reservation is received at 
a multicast session security platform. The reservation is 
received from a sender of a secure multicast transmis- 
sion and may include, for example, information about 
the secure multicast transmission and information about 
which multicast receivers are authorized to receive the 
secure multicast transmission. Trie multicast session 
security platform also receives a request for security 
information from a requesting multicast receiver. The 
multicast session security platform may include, for 
example, a multicast session security server capable of 
communicating with a plurality of senders and a plurality 
of requesting receivers. It is determined, using informa- 
tion from the reservation, if the requesting receiver is 
authorized to receive the secure multicast transmission. 
If so, the multicast transmission security information, 
such as the SA information needed to receive the 
secure multicast transmission, is sent to the requesting 
receiver. The SA information may comprise, for exam- 
ple, an authentication key, and authentication key and a 
key life-time, along with other information. 
[0013] With these and other advantages and fea- 
tures of the invention that will become hereinafter 
apparent, the nature of the invention may be more 
clearly understood by reference to the following detailed 
description of the invention, the appended claims and to 
the several drawings attached herein. 

Brief Description of The Drawings 

[0014] 

FIG. 1 is a block diagram of a known system that 
transmits a multicast information stream through a 



communication network. 

FIG. 2 is a block diagram including a system that 
provides multicast transmission security informa- 
s tion according to an embodiment of the present 
invention. 

FIG. 3 is a more detailed block diagram of a system 
that provides multicast transmission security irrfor- 
10 mation according to an embodiment of the present 
invention. 

FIG. 4 is a flow diagram of a method for providing 
multicast transmission security information accord- 
75 ing to an embodiment of the present invention. 

Detailed Description 

[0015] The present invention is directed to a 
20 method and apparatus that provides multicast transmis- 
sion security information. Referring now in detail to the 
drawings wherein like parts are designated by like refer- 
ence numerals throughout, there is illustrated in FIG. 2 
a block diagram including a multicast session security 
25 platform 300 that provides multicast transmission secu- 
rity information for a communication network 200 
according to an embodiment of the present invention. 
The communication network 200 comprises a number 
of multicast-capable routers 202 that let a sender 220 
30 transmit a multicast information stream to a number of 
receivers 120. 

[0016] According to an embodiment of the present 
invention, the multicast session security platform 300 
receives a secure multicast transmission reservation 

35 from the sender 220 of a secure multicast transmission. 
The reservation may include, for example, information 
about the secure multicast transmission such as the 
title, date, time of day and duration of the transmission. 
[001 7] The reservation may also include the partic- 

40 ular security information, such as a group key or a 
IPSEC SA, needed to receive the secure multicast 
transmission, and information about which multicast 
receivers 120 are authorized to receive the secure mul- 
ticast transmission. For example, a franchisor corpora- 

45 tion may want to send a multicast transmission 
containing sensitive financial information to a number of 
franchisee corporations. In this case, the reservation 
may include a list of authorized names and passwords 
associated with each franchisee corporation. 

so [0018] Instead of a list of authorized receivers, the 
reservation may include billing information, such as a 
price that must be paid by a requesting receiver 120 
before he or she will be authorized to receive the multi- 
cast transmission. For example, the reservation may 

55 indicate that anyone who pays five dollars is authorized 
to receive a particular multicast transmission of movie. 
[0019] The multicast session security platform 300 
also receives a request for multicast transmission secu- 
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rity information from a requesting multicast receiver 
1 20. The request may be received using a secure trans- 
mission, such as a secure unicast IPSEC transmission. 
The seccure unicast transmission may be established 
using known public key techniques. As part of the initial 
request, or through some further interaction after the ini- 
tial request, the receiver 120 will provide information to 
the multicast session security platform 300, such as, for 
example, (a) the name or nature of the multicast trans- 
mission the receiver 120 wants to receive, (b) an identi- 
fier, such as a name and password, associated with the 
receiver 120 and/or (c) a credit card number or other 
billing information. 

[0020] The multicast session security platform 300 
then determines if the requesting multicast receiver 120 
is authorized to receive the secure multicast transmis- 
sion. This may be done, for example, by comparing the 
name and password of the receiver 120 with a list of 
authorized names and passwords contained in the res- 
ervation. If the requesting multicast receiver 120 is 
authorized, the multicast session security platform 300 
responds with the multicast transmission security infor- 
mation, such as the IPSEC SA information. The 
approved receiver 120 can then use this information to 
receive the secure multicast transmission from the 
sender 220. 

[0021] According to an embodiment of the present 
invention, the multicast session security platform 300 
may be configured to handle reservations and requests 
from a large number of senders 220 and receivers 120. 
For example, the multicast session security platform 
300 may have a number of pre-approved subscribers 
who are authorized to receive certain types of multicast 
transmissions or transmissions from certain senders 
220. As shown in FIG. 2, the multicast session security 
platform 300 may send the security information to a 
number of personal computers. If desired, however, the 
platform could send the information to, for example, a 
secure telephone or fax machine, a wireless Personal 
Digital Assistant (PDA) or any other type of communica- 
tion device. In addition, the security information may be 
sent through the same communication network 200 that 
will be used to transmit the secure multicast session, or 
through some other communication network. 
[0022] Moreover, the multicast session security 
platform 300 may transmit statistics to the sender 220, 
such as the total number of currently approved receiv- 
ers 120 or a total amount of money that has been col- 
lected from those receivers 1 20. 
[0023] FIG. 3 is a more detailed block diagram of a 
system that provides multicast transmission security 
information for an IP multicast network 205 according to 
an embodiment of the present invention. A multicast 
session security platform 300 includes a multicast ses- 
sion security server 350 connected to IP multicast net- 
work 205 through a communication port 352 (e.g., an 
Ethernet port). The IP multicast network 205 is com- 
prised of a number of IP multicast-capable routers 207, 
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and the Multicast Backbone (MBone) is one example of 
such a communication network. 
[0024] According to an embodiment of the present 
invention, the multicast session security server 350 

5 receives a secure multicast transmission reservation 
from a sender 230 of a secure multicast transmission. 
This may be done, for example, using a Multicast Secu- 
rity Client (MSC) application 235 installed on the sender 
230 and configured with the IP address of one or more 

10 multicast session security servers 350. The multicast 
session security server 350 and the MSC application 
1 35 may be configured to let the sender 230 submit the 
reservation using a communication network information 
page, such as a World Wide Web ("Web") page trans- 

15 mitted through the Internet. 

[0025] As described above with respect to FIG. 2, 
the reservation may include, for example, (a) the title, 
date, time of day and duration of the transmission, (b) 
an IPSEC SA - such as one using the Internet Security 

20 Association and Key Management Protocol (ISAKMP) 
framework - needed to receive the transmission, (c) a 
list of names and passwords associated with authorized 
receivers 130 and/or (d) an admission policy, such as a 
price that must be paid by each requesting receiver 130 

25 before he or she will be authorized to receive the trans- 
mission. The reservation information may be stored in a 
reservation database 310 along with reservations for 
other multicast transmissions and/or other multicast 
senders 230. 

30 [0026] The multicast session security server 350 
also receives a request for multicast transmission secu- 
rity information from a number of requesting multicast 
receivers 130. This may be done using, for example, a 
MSC application 135 running on the receiver 130, which 

35 may be configured to let a receiver request the security 
information through a Web page. This request may be 
generated by the MSC application 135 without any 
explicit action by a user. Note that if required, a multi- 
cast-unicast gateway may be installed between the IP 

40 multicast network 205 and either the sender computer 
230 or the receiver computer 130. The request may be 
received using a secure transmission, such as a secure 
unicast IPSEC transmission, and may include, for 
example, the name of a multicast transmission, a 

45 requesting name and password, and a credit card 
nunrtoer. User information, such as information associ- 
ated with a subscriber of the multicast session security 
platform 300, may also be stored in a user database 
320. Such information may include the type of multicast 

so transmissions a subscriber is authorized to receive, or 
other information based on, for example, a form filled 
out by the user when he or she subscribes to the serv- 
ice. 

[0027] The multicast session security server 350 
55 then determines if a requesting multicast receiver 1 30 is 
authorized to receive the secure multicast transmission, 
ff the requesting multicast receiver 130 is authorized, 
the multicast session security server 350 responds with 
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the multicast transmission security information, such as 
the IPSEC SA information. The SA information is used 
to establish the specific implementation of IPSEC pro- 
tection that will be used during the secure multicast 
transmission. The SA information may indicate, for 5 
example, what types of keys are required and how the 
transmission will be encrypted or authenticated. The SA 
information may also include a specific destination IP 
address, authentication key, session key and SPI that 
are needed to receive the multicast transmission. The 70 
approved receiver 130 may then use this information to 
receive the secure multicast transmission from the 
sender 230. Note that the information may requested, 
received and used by an approved receiver 130 - all 
without the user being aware of the operation, if desired. 15 
[0028] FIG. 4 is a flow diagram of a method that 
provides multicast transmission security information for 
a communication network, such as the Internet, accord- 
ing to an embodiment of the present invention. At step 
410, a secure multicast transmission reservation is 20 
received at a Multicast Session Security Platform 
(MSSP). The reservation is received from a sender of a 
secure multicast transmission and may include, for 
example, information about the secure multicast trans- 
mission and information about which multicast receivers 25 
are authorized to receive the secure multicast transmis- 
sion. 

[0029] The multicast session security platform also 
receives a request for security information from a 
requesting multicast receiver as indicated at step 420. 30 
The multicast session security platform may include, for 
example, a multicast session security server capable of 
communicating with a plurality of senders and a plurality 
of requesting receivers. It is determined, using informa- 
tion from the reservation, if a requesting receiver is 35 
authorized to receive the secure multicast transmission 
at step 430. If so, the multicast transmission security 
information, such as IPSEC SA information needed to 
receive the secure multicast transmission, is sent to the 
requesting receiver at step 440. 40 
[0030] Although various embodiments are specifi- 
cally illustrated and described herein, it will be appreci- 
ated that modifications and variations of the present 
invention are covered by the above teachings and within 
the purview of the appended claims without departing 45 
from the spirit and intended scope of the invention. For 
example, although particular system architectures were 
used to illustrate the present invention, it can be appre- 
ciated that other architectures may be used instead. 
Similarly, although particular types of security protocols so 
have been illustrated, other security protocols will ateo 
tall within the scope of the invention. Finally, although 
software or hardware are described to control certain 
functions, such functions can be performed using either 
software, hardware or a combination of software and ss 
hardware, as is well known in the art As is also known, 
software may be stored on a medium, such as, for 
example, a hard or floppy disk or a Compact Disk Read 



Only Memory (CD-ROM), in the form of instructions 
adapted to be executed by a processor. The instructions 
may be stored on the medium in a compressed and/or 
encrypted format. As used herein, the phrase "adapted 
to be executed by a processor" is meant to encompass 
instructions stored in a compressed and/or encrypted 
format, as well as instructions that have to be compiled 
or installed by an installer before being executed by the 
processor. 

Claims 

1 . A method of supplying multicast transmission secu- 
rity information to a plurality of requesting multicast 
receivers, the multicast transmission security infor- 
mation being configured to enable receipt of a 
secure multicast transmission, comprising the 
steps of: 

establishing an individual secure unicast chan- 
nel for each of the plurality of requesting multi- 
cast receivers, the secure unicast channels 
being established using security information 
different from the multicast transmission secu- 
rity information; 

receiving, through the secure unicast channel, 
authorization information from each of the plu- 
rality of requesting multicast receivers; 

determining rf each of plurality of requesting 
multicast receivers is authorized to receive the 
secure multicast transmission; and 

sending, through the secure unicast channel, 
the multicast transmission security information 
to each of the authorized requesting multicast 
receivers. 

2. The method of claim 1 , wherein the multicast trans- 
mission security information comprises Internet 
Protocol Security (IPSEC) information needed to 
receive the secure multicast transmission. 

3. A method for providing mufticast transmission secu- 
rity information, comprising the steps of: 

receiving, at a mufticast session security plat- 
form, a secure mufticast transmission reserva- 
tion from a sender of a secure multicast 
transmission, the secure multicast transmis- 
sion reservation comprising information about 
the secure mufticast transmission; 

receiving, at the multicast session security plat- 
form, a request for the multicast transmission 
security information from a requesting multi- 
cast receiver; and 
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determining if the requesting multicast receiver 
is authorized to receive the secure multicast 
transmission. 

4. The method of claim 3, further comprising: 5 

sending the multicast transmission security 
information to the requesting multicast receiver 
if the requesting multicast receiver is author- 
ized to receive the secure multicast transmis- 10 
sion. 

5. The method of claim 3, wherein the secure multi- 
cast transmission reservation further comprises 
information about which multicast receivers are is 
authorized to receive the secure multicast transmis- 
sion, and wherein said step of determining is per- 
formed using information from the secure multicast 
transmission reservation. 

20 

6. The method of claim 3, wherein the secure multi- 
cast transmission reservation further comprises the 
multicast transmission security information. 

7. The method of claim 4, wherein said step of receiv- 25 
ing comprises receiving a plurality of requests for 
the multicast transmission security information from 

a plurality of requesting multicast receivers, and 
wherein said steps of determining and sending are 
performed for each of the plurality of requesting 30 
multicast receivers. 

8. The method of claim 3, wherein the multicast trans- 
mission security information comprises Internet 
Protocol Security (IPSEC) information needed to 35 
receive the secure multicast transmission. 

9. The method of claim 8, wherein the IPSEC informa- 
tion comprises Security Association (SA) informa- 
tion needed to receive the secure multicast 40 
transmission. 

10. The method of claim 3, wherein said step of receiv- 
ing comprises receiving the request for multicast 
transmission security information as a unicast Inter- 45 
net Protocol Security (IPSEC) transmission. 

1 1 . The method of claim 3, further comprising the step 
of: 

50 

receiving billing information from the request- 
ing multicast receiver. 

12. The method of claim 7, wherein said step of deter- 
mining is performed using the billing information ss 
received from the requesting multicast receiver. 

13. The method of claim 3, further comprising the step 



of: 

sending billing information to the sender of the 
secure multicast transmission. 

14. The method of daim 3, wherein the secure multi- 
cast transmission reservation is received using a 
communication network information page. 

1 5. The method of claim 3, wherein the request for mul- 
ticast transmission security information is received 
using a communication network information page. 

16. A method for providing Internet Protocol Security 
(IPSEC) Security Association (SA) information 
related to a secure multicast transmission, compris- 
ing the steps of: 

receiving, at a multicast session security plat- 
form, a secure multicast transmission reserva- 
tion from a sender of the secure multicast 
transmission, wherein the secure multicast 
transmission reservation includes the IPSEC 
SA information and information about author- 
ized multicast receivers; 

receiving, at the multicast session security plat- 
form, a plurality of requests for the IPSEC SA 
information from a plurality of requesting multi- 
cast receivers; 

determining if each of the plurality of request- 
ing multicast receivers is authorized to receive 
the IPSEC SA information based on informa- 
tion about authorized multicast receivers con- 
tained in the secure multicast transmission 
reservation; and 

sending the IPSEC SA information to author- 
ized requesting multicast receivers. 

17. A multicast session security platform, comprising: 

a first communication port configured to 
receive a secure multicast transmission reser- 
vation, including multicast transmission secu- 
rity information and information about 
authorized multicast receivers, from a sender 
of a secure multicast transmission; 
a second communication port configured to 
receive a plurality of requests for the multicast 
transmission security information from a plural- 
ity of requesting multicast receivers; and 
a server system coupled to said first and sec- 
ond communication ports, said server system 
being configured to determine if each of the 
plurality of requesting multicast receivers is 
authorized to receive the multicast transmis- 
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sion security information based on the informa- 
tion about authorized multicast receivers 
contained in the secure multicast transmission 
reservation. 

5 

18. An article of manufacture comprising a computer- 
readable medium having stored therein instructions 
adapted to be executed by a processor, the instruc- 
tions which, when executed, define a series of 
steps for providing multicast transmission security io 
information, said steps comprising: 

receiving, at a multicast session security plat- 
form, a secure multicast transmission reserva- 
tion from a sender of a secure multicast 75 
transmission, the secure multicast transmis- 
sion reservation comprising information about 
the secure multicast transmission; 

receiving, at the multicast session security plat- 20 
form, a request for the multicast transmission 
security information from a requesting multi- 
cast receiver; and 

determining if the requesting multicast receiver 25 
is authorized to receive the secure multicast 
transmission. 

19. The medium of claim 18, wherein the steps further 
comprise: 30 

sending the multicast transmission security 
information to the requesting multicast receiver 
if the requesting multicast receiver is author- 
ized to receive the secure multicast transmis- 35 
sion. 

20. The medium of claim 18, wherein the secure multi- 
cast transmission reservation further comprises 
information about which multicast receivers are 40 
authorized to receive the secure multicast transmis- 
sion, and wherein the step of determining is per- 
formed using information from the secure multicast 
transmission reservation. 

45 

21. An article of manufacture comprising a computer- 
readable medium having stored therein instructions 
adapted to be executed by a processor, the instruc- 
tions which, when executed, define a series of 
steps for receiving multicast transmission security so 
information, said steps comprising: 

sending a request for the multicast transmis- 
sion security information to a multicast session 
security platform, the request including at least ss 
one of (a) user identification information, (b) 
billing information and (c) multicast transmis- 
sion identification information; 



receiving the multicast transmission security 
information from the multicast session security 
platform; and 

receiving, using the multicast transmission 
security information, a secure multicast trans- 
mission from a sender other than the multicast 
session security platform. 
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